Multi-Tenancy and Data Protection of PaaS Cloud Solutions

The following post clarifies how cloud PaaS achieves its support for multi-tenancy. I compare cloud IaaS approach to that of PaaS multi-tenancy approach and also cover the PaaS data protection.

Multi-Tenancy in PaaS Cloud

Before we dig deeper into the topic of cloud tenancy, it is somewhat vital to explain the terms such as ‘multi-tenancy’ and ‘single-tenancy’.

To explain the topic, let’s use a housing analogy. The multi-tenancy would describe a scenario where people live in a condominium building, all sharing the same infrastructure, but each living in their own apartment; whereas single-tenancy refers to a person that lives in a single detached house, not sharing their dedicated infrastructure/resources with any other tenant.

The term ‘cloud tenant’ would refer to an application instance hosted in either on premise or external cloud that uses the underlying virtual cloud environment in either dedicated (single-tenant) or shared (multi-tenant) architecture model.

Figure 1 illustrates the difference between multi-tenant model and single-tenant model.

Figure 1 – Jepsen, C. (2015).

When referring to PaaS multi-tenancy, even though the multi-tenancy is sharing of the underlying resources, each application instance in PaaS deployment model runs in its own secure and segregated space. It is the code sandbox that predominantly isolates the applications that execute within the area of the service container. It is important to note that PaaS also supports an option for the distinct and dedicated container, which would usually refer to a single tenancy PaaS approach.

Illustrated in Figure 2 is sharing of the infrastructure resources, which is a key to running applications in the cloud PaaS deployment model.

According to Oracle, “The consolidation implies that multiple PaaS instances will reside on the same servers and there must exist a way to isolate tenants from each other. At a minimum, a PaaS solution must isolate Tenant sessions, Tenant processes and Tenant data” (Oracle.com, 2017).

Each of the tenant’s application running on the application platform which is part of the app container can support multiple application users. Figure 2 also illustrates the multi-user vs. multi-tenancy model, because as we can see, the multi-user model is enabled by the multi-tenancy itself.

Figure 2 – Cloud Computing Fundamentals and Cloud-Based Services Engineering. (CCENG, 2017).

PaaS Data Protection

“In a 2013 report from The Aberdeen Group, it was claimed that 32% of companies had experienced loss of critical data in the cloud, 64% of which was due to user errors.” (Zerto, 2015).

The data protection should always be an integral part of the PaaS middleware security services security services.

PaaS applications, nor its users should ever gain the permission to access infrastructure resources and services they do not own. The mandate of PaaS data protection thus is to implement and enforce access restrictions to a variety of applications containers running in the PaaS platform. The major functions such as authentication, authorization, user access control and identity management, in essence, implement the overall security of the app container segregation.

Conclusion

“Multi-tenancy applies to all three layers of a cloud: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS)” (Kajeepeta, 2017).

The actual degree of multi-tenancy varies among different cloud vendors. While some cloud providers may offer a high level of multi-tenancy support (one that encompasses all of the cloud architecture layers), others may limit support to IaaS or PaaS only.  

Nevertheless, the high-level approach to PaaS multi-tenancy is analogous to that of cloud IaaS, even though the PaaS cloud multi-tenancy goes well beyond the IaaS layer.

We could conclude, that in a typical multi-tenant PaaS platform, similarly to IaaS, each application runs in its separate space, meanwhile still sharing the compute, storage and network resources, as well as providing a complete separation of the security domain and application related data and processes.

 

References

Kajeepeta, S. (2017). Multi-tenancy in the cloud: Why it matters. [online] Computerworld. Available at: http://www.computerworld.com/article/2517005/data-center/multi-tenancy-in-the-cloud–why-it-matters.html [Accessed 24 Jun. 2017].

Jepsen, C. (2015). Does multi-tenancy really matter anymore?. [online] diginomica. Available at: http://diginomica.com/2015/12/08/does-multi-tenancy-really-matter-anymore/ [Accessed 24 Jun. 2017].

Oracle.com. (2017). PaaS Multi Tenancy. [online] Available at: http://www.oracle.com/technetwork/topics/cloud/paas-multi-tenancy-092593.html [Accessed 24 Jun. 2017].

CCENG (2017). Cloud Computing Fundamentals and Cloud-Based Services Engineering. [online] Available at: https://elearning.uol.ohecampus.com/bbcswebdav/institution/UKL1/201760JUN/MS_CKIT/CKIT_523/readings/UKL1_CKIT_523_Week04_LectureNotes.pdf [Accessed 24 Jun. 2017].

Zerto. (2015). Data Protection for PaaS and SaaS Business Continuity and Disaster Recovery. [online] Available at: https://www.zerto.com/blog/general/data-protection-methodologies-for-the-saas-and-paas-use-case/ [Accessed 24 Jun. 2017].

 

Facebook Comments